...
Account Management
Inventory user accounts
Create, Update and Delete user accounts
Enable and Disable user accounts
Reset user account password
Group Management
Inventory groups
Inventory group memberships
Create and Delete groups
Add and Remove members to and from groups
Add group member to the group
Remove group member from the group
Role Management
Inventory Azure roles
Inventory Azure role memberships
Create new Inventory Azure role memberships
Create Azure RBAC and Custom Directory roles
Assign users to Azure roles
License Management
Inventory License bundles, License pools, Tenant subscriptions
Add and Remove license assignments for users
Add and Remove license assignments for groups
Application Management
Inventory Azure Applications, Credentials, App Roles, Scopes, App Role assignments, Scope assignments
Create Azure OIDC, SAML (non-gallery) and SAML (gallery) applications
Edit & Delete Azure Application
Create & Delete Client Secret & Certificate
Create & Delete Scope & AppRole
Update API Permissions
Update Token Configuration
Attribute Flow
Users in Azure Active Directory are inventoried as accounts in EmpowerID. The table below shows the mappings of Azure Active Directory user attributes to EmpowerID Person attributes.
Person Attribute | External Directory Attribute | EmpowerID Person Attribute
AboutMe | profileUrl |
Active | active |
MailNickname | EmailAlias |
BusinessPhones | |
BusinessPhone | phoneNumbers[?@.type=='work'].value |
City | city |
CompanyName | |
Company | companyName |
CostCenter | employeeOrgData.costCenter |
Country | country |
CustomAttribute10 | usageLocation |
Department | Department |
DisplayName | FriendlyName |
EmployeeId | EmployeeID |
FaxNumber | Fax |
GivenName | FirstName |
JobTitle | Title |
Surname | LastName |
UserPrincipalName | Login |
Manager | ManagerPersonID |
MobilePhone | MobilePhone |
OfficeLocation | Office |
MailboxSettings -> AutomaticRepliesSetting -> ExternalAudience | OofAudience |
MailboxSettings-> AutomaticRepliesSetting -> ScheduledEndDateTime | OofEndDate |
MailboxSettings-> AutomaticRepliesSetting-> ExternalReplyMessage | OofExternalMsg |
MailboxSettings-> AutomaticRepliesSetting-> InternalReplyMessage | OofInternalMsg |
MailboxSettings-> AutomaticRepliesSetting-> ScheduledStartDateTime | OofStartDate |
MailboxSettings -> AutomaticRepliesSetting -> Status | OofStatus |
PreferredDataLocation | preferredDataLocation |
PreferredLanguage | PreferredLanguage |
state | State |
StreetAddress | StreetAddress |
UserType | UserType |
PostalCode | PostalCode |
Department | ['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['department'] |
Description | description |
Division | employeeOrgData.division |
effectiveEndDate | endDateTime |
EffectiveStartDate | startDateTime |
emails[?@.type=='work'].value | |
EmailAlias | externalId |
EmployeeID | ['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['employeeNumber'] |
EmployeeType | employeeType |
ExtensionAttribute1 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute1'] |
ExtensionAttribute10 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute10'] |
ExtensionAttribute11 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute11'] |
ExtensionAttribute12 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute12'] |
ExtensionAttribute13 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute13'] |
ExtensionAttribute14 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute14'] |
ExtensionAttribute15 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute15'] |
ExtensionAttribute2 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute2'] |
ExtensionAttribute3 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute3'] |
ExtensionAttribute4 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute4'] |
ExtensionAttribute5 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute5'] |
ExtensionAttribute6 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute6'] |
ExtensionAttribute7 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute7'] |
ExtensionAttribute8 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute8'] |
ExtensionAttribute9 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute9'] |
Fax | phoneNumbers[?@.type=='fax'].value |
FirstName | name.givenName |
FriendlyName | displayName |
GenerationalSuffix | name.honorificSuffix |
HomeTelephone | phoneNumbers[?@.type=='home'].value |
LastName | name.familyName |
Login | userName |
ManagerPersonID | manager |
MiddleName | name.middleName |
MobilePhone | phoneNumbers[?@.type=='mobile'].value |
Office | addresses[?@.type=='other'].formatted |
OofAudience | externalAudience |
OofEndDate | scheduledEndDateTime |
OofExternalMsg | externalReplyMessage |
OofInternalMsg | internalReplyMessage |
OofStartDate | scheduledStartDateTime |
OofStatus | status |
PhotoURL | photos[?@.type=='work'].value |
PostalCode | addresses[?@.type=='work'].postalCode |
PreferredLanguage | preferredLanguage |
State | state |
StreetAddress | addresses[?@.type=='work'].streetAddress |
Telephone | phoneNumbers[?@.type=='other'].value |
Title | title |
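To check an attribute flow before relying on it, the external directory paths in the table can be resolved against a SCIM user resource. The Python below is an added example, not EmpowerID code; the resolver, its first-match behaviour for filtered multi-valued attributes, and the sample user are assumptions made for illustration.

```python
import re

# Person attribute -> external directory path, rows copied from the table above.
ENT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
ONPREM = "urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User"
MAPPINGS = {
    "FirstName": "name.givenName",
    "Login": "userName",
    "MobilePhone": "phoneNumbers[?@.type=='mobile'].value",
    "PostalCode": "addresses[?@.type=='work'].postalCode",
    "EmployeeID": f"['{ENT}'].['employeeNumber']",
    "ExtensionAttribute1": f"['{ONPREM}'].['onPremisesExtensionAttributes'].['extensionAttribute1']",
}

# One step: ['quoted key'] or a bare name with an optional [?@.field=='value']
# filter, followed by the '.' separator or the end of the path.
STEP = re.compile(r"(?:\['([^']+)'\]|([A-Za-z_]\w*)(?:\[\?@\.(\w+)=='([^']*)'\])?)(?:\.|$)")

def resolve(resource, path):
    """Return the value `path` selects from a SCIM resource, or None if absent."""
    node, pos = resource, 0
    while pos < len(path):
        m = STEP.match(path, pos)
        if not m:
            raise ValueError(f"unsupported path syntax: {path[pos:]!r}")
        quoted, bare, field, wanted = m.groups()
        node = node.get(quoted or bare) if isinstance(node, dict) else None
        if field is not None:
            # Assumed semantics: first element of the multi-valued attribute that matches.
            items = node if isinstance(node, list) else []
            node = next((e for e in items if isinstance(e, dict) and e.get(field) == wanted), None)
        if node is None:
            return None
        pos = m.end()
    return node

def person_from_scim(resource):
    """Apply every mapping; attributes with no source value come back as None."""
    return {attr: resolve(resource, path) for attr, path in MAPPINGS.items()}

# Constructed sample SCIM user (not real data); it deliberately has no mobile number.
SAMPLE_USER = {
    "userName": "adele.v@example.com",
    "name": {"givenName": "Adele", "familyName": "Vance"},
    "phoneNumbers": [{"type": "work", "value": "+1 555 0100"}],
    "addresses": [{"type": "work", "postalCode": "98052"}],
    ENT: {"employeeNumber": "E1001"},
    ONPREM: {"onPremisesExtensionAttributes": {"extensionAttribute1": "contractor"}},
}

if __name__ == "__main__":
    print(person_from_scim(SAMPLE_USER))
```

Attributes that resolve to `None` point to a source record missing that value or a path that does not match the payload shape, which is worth reviewing before the flow is used for access decisions.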
...
Next Steps
Register a service principal for the Azure AD SCIM Microservice
...